CVE-2021-32569

Опубликовано: 14 окт. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to

Ссылки

https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html
Third Party Advisory
https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ericsson:operations_support_system-radio_and_core_firmware:*:*:*:*:*:*:*:*

Версия до 18b (включая)

cpe:2.3:h:ericsson:operations_support_system-radio_and_core:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00529

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pp6j-7q29-2wxx

CVSS3: 6.1

github

больше 3 лет назад

** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.

EPSS

Процентиль: 67%

0.00529

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79